Hack This Site! - Javascript 6

Description:

go go away .js

now you see it..umm...wait... 

Level 6

Fiftysixer decided to try his hand at javascript!

All was going well until he realized that he forgot to remove the unused code, which resulted in a confusing mess.

He didn't mind, in fact, he did his best to make it even MORE confusing!

Find the password:

          _________________

Password:|_________________|

Check Password

Solution:

1. View page source code, and find the javascript code below.
   
   <script type="text/javascript" src="http://hackthissite.org/missions/javascript/6/checkpass"></script> <script language="javascript"> RawrRawr = "moo"; function check(x) { "+RawrRawr+" == "hack_this_site" if (x == ""+RawrRawr+"") { alert("Rawr! win!"); window.location = "about:blank"; } else { alert("Rawr, nope, try again!"); } } function checkpassw(moo) { RawrRawr = moo; checkpass(RawrRawr); } </script>
   
2. Check the whole code in detail, and you 'll find out the submit button will send password to a javascript function named "checkpass".

   < button onclick="javascript:checkpass(document.getElementById('pass').value)">Check Password< /button>

3. But the function above is named "checkpassw".
4. So, the real function is actually somewhere in the page. We can see there's a javascript file link contains "checkpass" like below.

   hxxp://hackthissite.org/missions/javascript/6/checkpass

5. Visit the link and there's the real password checking function like below.
   
   dairycow="moo"; moo = "pwns"; rawr = "moo"; function checkpass(pass) { if(pass == rawr+" "+moo) { alert("How did you do that??? Good job!"); window.location = "../../../missions/javascript/6/?lvl_password="+pass; } else { alert("Nope, try again"); } }
   
6. Input the password "moo pwns" and check .
7. How did you do that??? Good job!
8. Correct, Level Up